Latest CVE Feed
-
10.0
CRITICAL CVE-2023-2564
OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0.
Affected Products: scanservjs
- Published: May. 07, 2023
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2023-2583
Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.
Affected Products: jsreport
- Published: May. 08, 2023
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2017-12796
The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distributed in OpenMRS Reference Application before 2.6.1, does not authenticate users when deserializing XML input into ReportSchema objects. The result is that remote unauthenticated users ...
Affected Products: openmrs
- Published: Oct. 23, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2023-2645
A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded pa...
- Published: May. 11, 2023
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2017-14024
A Stack-based Buffer Overflow issue was discovered in Schneider Electric InduSoft Web Studio v8.0 SP2 Patch 1 and prior versions, and InTouch Machine Edition v8.0 SP2 Patch 1 and prior versions. The stack-based buffer overflow vulnerability has been ident...
- Published: Nov. 13, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2017-11402
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Design flaws in OPC classic and in custom netfilter modules allow an attacker to remotely activate rules on the firewall and to connect to any TCP port o...
- Published: Nov. 20, 2017
- Modified: Apr. 20, 2025
-
10.0
CRITICAL CVE-2023-22583
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms.
- Published: Jun. 11, 2023
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2017-14378
EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent SDK 8.6 for C allow attackers to bypass authentication, aka an "Error Handling Vulnerability."
- Published: Nov. 29, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2017-16930
The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is misha...
Affected Products: claymore_dual_miner
- Published: Dec. 05, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2017-14907
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reduced while deriving disk encryption key.
Affected Products: android
- Published: Dec. 05, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2017-11005
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition can occur during a deinitialization path.
Affected Products: android
- Published: Dec. 05, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2017-14914
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global client structure can become stale.
Affected Products: android
- Published: Dec. 05, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2017-3184
ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the http://x.x...
Affected Products: camera_firmware
- Published: Dec. 16, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2017-17717
Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.
Affected Products: nexus_repository_manager
- Published: Dec. 17, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2017-17759
Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Conn...
Affected Products: ichannel
- Published: Dec. 19, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2017-17761
An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary requires the "system" XML element for specifyi...
- Published: Dec. 19, 2017
- Modified: Apr. 20, 2025
-
10.0
HIGH CVE-2017-13178
In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges ...
Affected Products: android
- Published: Jan. 12, 2018
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2023-3765
Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
- Published: Jul. 19, 2023
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2018-6569
West Wind Web Server 6.x does not require authentication for /ADMIN.ASP.
Affected Products: web_connection
- Published: Feb. 06, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2018-6289
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1.
Affected Products: secure_mail_gateway
- Published: Feb. 06, 2018
- Modified: Nov. 21, 2024